A Bloomberg report says the agency knew about the Heartbleed security flaw that's sent sites like Google scrambling to patch their systems -- but it kept it secret and used it to spy. The agency, however, says that's not so.